1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
Return-Path: <karljohan-alm@garage.co.jp>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])
by lists.linuxfoundation.org (Postfix) with ESMTP id 5F343C0001
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 15 Mar 2021 23:11:05 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp4.osuosl.org (Postfix) with ESMTP id 563964EC11
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 15 Mar 2021 23:11:05 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: smtp4.osuosl.org (amavisd-new);
dkim=pass (1024-bit key) header.d=garage.co.jp
Received: from smtp4.osuosl.org ([127.0.0.1])
by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id y7mQblCZLDM7
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 15 Mar 2021 23:11:04 +0000 (UTC)
X-Greylist: delayed 00:08:51 by SQLgrey-1.8.0
Received: from mta09.mta.hdems.com (mta09.mta.hdems.com [52.199.63.168])
by smtp4.osuosl.org (Postfix) with ESMTPS id 20AB54EC01
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 15 Mar 2021 23:11:04 +0000 (UTC)
Received: from mo.hdems.com (unknown [10.5.84.10])
by mta09.mta.hdems.com ('HDEMS') with ESMTPSA id 4DzsPZ2DX3z2K1r9B
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 15 Mar 2021 23:02:10 +0000 (UTC)
X-HDEMS-MO-TENANT: garage.co.jp
Received: from mail-lf1-f69.google.com (mail-lf1-f69.google.com.
[209.85.167.69]) by gwsmtp.prod.mo.hdems.com with ESMTPS id
gwsmtpd-trans-d566ba58-e99a-416e-a7b1-417b4eee33b6
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 15 Mar 2021 23:02:04 +0000
Received: by mail-lf1-f69.google.com with SMTP id k14so10705555lfg.16
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 15 Mar 2021 16:02:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=garage.co.jp; s=google;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=DyLy+9vS6Jp01S/B5/2OD/61sC1xSHbomQVOVY3kXts=;
b=oPEPxllfLjV+YVbjGxhGLHFPYA1IUgjfCqEPfZG0RnTawd4hyXYZ2zb0uTpS+Xqq8r
p0Hkjna99Br9eDQcLtPoC9YKItBW8mssWnYIXA1zFlx9keveUc24uq8mX2gokDsJxxVv
6+FONEQGifmOiHKwmI11caPo3phhXtrmRaw5A=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=DyLy+9vS6Jp01S/B5/2OD/61sC1xSHbomQVOVY3kXts=;
b=E2CagIZiXKbEMW/jZlOwxPtFICIPcksOcI56geC1Z3CVZgjkLTMwmlDji/aySa37V9
KgblZPwmoXyzHc09ld5/tuUV66K4xNJZHlZ33ZEysqD5elKT5vcgDPwpVW3zcrqeXmSF
Md5/qMTsaDk+MQLTouKV6nIX2IlXJjorxUQDv55m0scswpeCVBXYbDfCpEZ+EI/SGUR9
k1LFrHcwSETuW2uKAJakmQku/13oud8uPv6PpCyglKcWa2hSG+N7j3pHt4DyBrMXaxfQ
5DEITt9tBX7TGMiGgRS75cQaGXwTWAwQGgdE1yv9KireEURwg/BZx9s0pwT6j47dWWZs
v+bA==
X-Gm-Message-State: AOAM533oz2OOeU400wzzNKpG4c3Se9dkDAEH2G1qbqGIfL0+HJOkzwhW
8fm6jYhuF0U1/+5kLak59Bu/Qe5Jrbl9xgHk62O/JESYfHZrTVB1B936I2LTfKSR8Uc2kb0suRz
J+/PbFAmyjwwrZd1x/PmLzzPBPNMAkJbJPNUA0JRcv1ardOsXMECXk18vQ1WFCiMrkIaWY4p1AX
3SszGFsmHjbhc2imqSeJZx4nkNdzTD0d3WrlGjKJOm0GDWGlsfvNOGIK3071yvBrCxH4LStiCvA
YlsBq7pfEss917wdGhy6wjx4oo86zubP1Z0ZGfIQhtd4tSsuU5X2gBF2YguXAmGtj5fc7W8P5e2
2FStTm6b5lCi7/BC6NyH/Eutc2jI
X-Received: by 2002:a19:404f:: with SMTP id n76mr9500139lfa.184.1615849323395;
Mon, 15 Mar 2021 16:02:03 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw3py9Wd8Iz10uhwzQMto2ev5diMjiofyGLVjotYvvSMRXVQ/C0n85oIQpuzHeV2VPIrSrdUnzOiRdrg9zkKtw=
X-Received: by 2002:a19:404f:: with SMTP id n76mr9500122lfa.184.1615849323064;
Mon, 15 Mar 2021 16:02:03 -0700 (PDT)
MIME-Version: 1.0
References: <202103152148.15477.luke@dashjr.org>
<a88cd471-fdc9-de35-86cd-595b387249c8@mattcorallo.com>
<CAD5xwhi82fjRB4Ceb6Gnp+LvTweWjwFRmWU5zD-3o6s_GoEvPw@mail.gmail.com>
<a4b9df55-b95b-9c95-62ea-7bf6eeec113d@mattcorallo.com>
In-Reply-To: <a4b9df55-b95b-9c95-62ea-7bf6eeec113d@mattcorallo.com>
From: Karl-Johan Alm <karljohan-alm@garage.co.jp>
Date: Tue, 16 Mar 2021 08:01:47 +0900
Message-ID: <CALJw2w4hBk1pZrV7E6FNDPDCWH=T_S6qAHGKvRC6JsT9iZevfg@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [bitcoin-dev] PSA: Taproot loss of quantum protections
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Mar 2021 23:11:05 -0000
On Tue, 16 Mar 2021 at 07:48, Matt Corallo via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> Overall, the tradeoffs here seem ludicrous, given that any QC issues in Bitcoin need to be solved in another way, and
> can't practically be solved by just relying on the existing hash indirection.
The important distinction here is that, with hashes, an attacker has
to race against the spending transaction confirming, whereas with
naked pubkeys, the attacker doesn't have to wait for a spend to occur,
drastically increasing the available time to attack.
It may initially take months to break a single key. In such a
scenario, anyone with a hashed pubkey would be completely safe* (even
at spend time), until that speeds up significantly, while Super Secure
Exchange X with an ultra-cold 38-of-38 multisig setup using Taproot
would have a timer ticking, since the attacker need only find a single
privkey like with any old P2PK output.
(* assuming no address reuse)
|
